Metadata: Story Of How Whatsapp And Other Chat Apps Collect Data

Short Bytes: Who made the protocol that enables encryption of WhatsApp, Allo, Messenger, and other chat services; What does end-to-end encryption mean; What data exactly do you give away when you use WhatsApp, Messenger, Allo; The most secure alternative of all. Here, we’ll discuss all these apps and the “metadata” collected by them.

Everybody knows by now that WhatsApp has enabled end-to-end encryption, for their users. There also have been allegations, speculations, and research about how their end to end encryption has a backdoor that could let third-party people snoop, decrypt and read messages.

But what most of us don’t know, is what information they are already having access to by the pretext of the keyword metadata in their FAQs and public information of details of their information collection phrases.

In this Electronic Frontier Foundation post by Kurt Opsahl, he gives examples of what companies and governments can get hold of by the somewhat disguised use of the word metadata, getting information on basis of it, such as the following excerpts out of this article:

They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.

They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood’s number later that day. But nobody knows what you spoke about.

They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.

Even though WhatsApp doesn’t store backups on their servers, Whatsapp can collect data when, where, and with whom you communicate, it’s stated rather really vaguely which gives them freedom of sorts, ain’t it? In their own words:

Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.

Signal App retains only the phone number that you register on it with, and the last logged in time on their server, and only the day and no other minute or second.

When you enable WhatsApp’s feature of notifying you about a change in receiver’s key (which is needed for decryption), WhatsApp says it shouldn’t be a concern since receiver’s key can change on the new installation on device or reinstallation of WhatsApp itself, and suggests to continue using it.

“Any conversation can be configured to delete sent and received messages after a specified interval. The configuration applies to all parties of a conversation, and the clock starts ticking for each recipient once they’ve read their copy of the message.”